| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and Server 2008 R2 SP1 does not properly consider thread-owned objects during the processing of window handles, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability." |
| The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests. |
| RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. |
| SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via unspecified vectors. |
| Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors. |
| PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account. |
| SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote attackers to bypass intended access restrictions via unspecified vectors. |
| Google Chrome before 31.0.1650.57 allows remote attackers to bypass intended sandbox restrictions by leveraging access to a renderer process, as demonstrated during a Mobile Pwn2Own competition at PacSec 2013, a different vulnerability than CVE-2013-6632. |
| BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 on Mac OS X does not properly determine the user account for execution of Peer Manager in certain situations involving successive logins with different accounts, which allows context-dependent attackers to bypass intended restrictions on remote file-access folders via IPv6 WebDAV requests, a different vulnerability than CVE-2013-3694. |
| The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x through 9.0.0.1 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. |
| IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL. |
| IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not properly isolate the cached data of different users, which allows remote authenticated users to obtain sensitive information in opportunistic circumstances by leveraging access to the same web container. |
| The charting component in IBM WebSphere Dashboard Framework (WDF) 6.1.5 and 7.0.1 allows remote attackers to view or delete image files by leveraging incorrect security constraints for a temporary directory. |
| The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 before HF1 does not properly restrict unsigned Java plugins, which allows remote attackers to obtain sensitive information via unspecified vectors. |
| IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive component information via unspecified vectors. |
| Cisco Cloud Portal 9.4 allows remote attackers to read files of unspecified types via a direct request, aka Bug IDs CSCuj08426 and CSCui60889. |
| The NVIDIA UNIX driver before 295.40 allows local users to access arbitrary memory locations by leveraging GPU device-node read/write privileges. |
| Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. |
| Cisco SRP 520 series devices with firmware before 1.1.26 and SRP 520W-U and 540 series devices with firmware before 1.2.4 allow remote attackers to replace the configuration file via an upload request to an unspecified URL, aka Bug ID CSCtw55495. |
| The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821. |